Biggest-ever criminal botnet links computers in more than 172 countries
Cybersecurity experts say that the world's biggest-ever botnet is still operating, despite the arrests of two cyber criminals, which required coordinating law enforcement across two continents.
Anonymous and cheap to build, botnets are a stealthy, nearly ideal criminal platform for Internet attacks aimed at shutting down company websites – unless an extortion payment is made. But they are especially good for pilfering bank logons, passwords, credit card numbers, and social security numbers, says Luis Corrons, technical director of Panda Labs, whose company is assisting in the analysis of the new botnet.
As of last fall, Hijazi says Unveillance was tracking about 2 million individual IP addresses globally – each representing an individual computer, or in many cases, an entire computer network. Just seven months later, the firm is tracking more than 25 million enslaved computers. Even so, that's just the tip of the iceberg, says Hijazi. He estimates at least 6 percent of the more than 4 billion IP addresses in the world are zombie machines.
A pyrrhic victory for law enforcement?
In a first attempt to take down this new goliath botnet, law enforcement authorities from Slovenia, Bosnia and Herzegovina, Interpol, and the Federal Bureau of Investigation earlier this month arrested two members of the gang, one of whom had recently purchased a luxury apartment along with several expensive cars.
But even though authorities confiscated computer equipment and took over several of the "command and control" computers used to deliver orders to the clandestine criminal network, Unveillance says the bulk of that massive botnet is still intact, "actively gathering private information," and feeding back stolen information to other command and control servers.
What that means, Hijazi says, is that either the botnet is operating without a human operator – on autopilot – or, more likely, being controlled by other criminals.
"It's still dangerous," he says. "It's likely that, if they don't already control it, bad guys are moving fast to get control of it."
It's difficult under the best of circumstances to establish exactly how many computers are under the control of a botnet. Last month, the FBI took control of and began dismantling the “Coreflood botnet,” a worldwide network of 2.3 million personal computers, created by a Russian cybercrime gang. Coreflood had been vacuuming up vast amounts of US personal financial and government data for almost a decade – using about a million slaved personal computers residing in the US.